The snow is falling, there’s a cozy fire roaring in your fireplace, and you’re on your third episode of Holiday Baking Championship. You’ve decided it’s the perfect time to scour the web for last minute holiday steals. And you’re not alone; Adobe’s 2019 Holiday Shopping Trend Predictions Report estimates that US online holiday shopping (November-December) will reach $143.7B. That’s a 14.1% growth over 2018!
Cyber criminals are well aware that this year’s holiday shopping season is significantly shorter than last year, with only 22 days between Cyber Monday and Christmas; and these Grinches will do whatever it takes to trick you into handing out sensitive information.
With the pressure on to get shopping done in less than a month, holiday bargain hunters will have to be even more diligent when it come to shopping safely. Follow these 7 tips to keep your holiday shopping experience holly jolly.
Protect your accounts
It’s tempting to use the same, easy to remember password across all your online shopping and banking accounts. Resist the temptation! A unique, strong password is a great first step to keep you safe from the threats that lurk online. When creating a password, refrain from using your name, date of birth, dictionary words, sequences (ex. abc123), common substitutions (ex. P@$$w0rd), and the word “password”. Instead, make it long (at least 12 characters), include special characters ($%&, etc.), switch up the capitalization, and make it random. You can also bolster your online security by enabling multi-factor authentication, when available.
How-To Geek has a great method for creating and remembering your passwords, “For example, you might find it easier to remember a sentence like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” You can turn that sentence into a password by using the first digits of each word, so your password would become TfhIeliw613FS.Rw$4pm. This is a strong password at 21 digits. Sure, a true random password might include a few more numbers and symbols and upper-case letters scrambled around, but it’s not bad at all”.
You can check out our guide to strong passwords here.
Use a VPN on public networks
Do you plan on catching up on holiday shopping while waiting for your daughter to finish her swim lessons? Think twice before clicking “buy” on that public WiFi network. A virtual private network, or VPN, helps protect you by creating a secure, private network when using public WiFi. Without a VPN, your browsing history, IP address, location, and online activity are all up for grabs when on a public network. A VPN helps protect you against these invasions of privacy and possible identity theft by encrypting all your online traffic.
Do your research
As you probably already know, not every website is safe to visit, let alone enter your credit card information into. Determining the legitimacy of a website used to be as simple as looking for the padlock (signifying SSL encryption). Unfortunately, that’s not the case anymore – in 2018, 68% of active malware sites used encryption. If there isn’t a padlock at all, absolutely avoid entering in your password or payment information.
So how can you tell if a site is safe? Right off the bat, there are some signs that scream “fake site”. These include overly flashy images (i.e. biggest sale ever!!!!!! in flashing lights), popups, misspellings/poor grammar, and multiple redirects. You can also use your browser’s built-in safety tools to block popups, disable Flash, stop automatic downloads, and much more. Google’s Safe Browser tool allows you to enter a URL and see if any unsafe content has been found on that site. When in doubt, the safest thing you can do is make your holiday purchases somewhere else.
Credit > debit
Fraudulent charges on your credit card are easier to dispute since your credit card isn’t backed by your bank account. Consider using a virtual credit card instead of a plastic one. Virtual cards have a shorter lifespan and you can impose stricter credit limits on them. You can even designate them for purchases at specific merchants. For even more protection, sign up for text alerts so you’re notified whenever a charge is processed on one of your cards.
Click safely
Phishing is one of the most common attack vectors year-round, but there’s a significant spike in phishing attempts during the holiday season. In fact, according to F5, fraud incidents jump over 50% from the annual average October-December (below). A boost in online shopping and holiday distractions are both potential contributors to this increase. As your inbox fills with emails from family members or your favorite retailers boasting their “biggest sale of the year”, it’s easy to accidentally click on an email link when you shouldn’t. Remember to always check links before you click them and verify sender email addresses.
Track your charges
Your job isn’t done just because you’ve made your purchases and checked everyone off your list. Be sure to review your credit card statement or bank account to verify withdrawals. Any suspicious activity is best caught early on. Likewise, don’t click on any links if you get a text or email from your bank or lender claiming suspicious activity on your account. This could be a phishing or SMiShing attempt. Instead, directly contact your financial institution using the phone number or website provided on the back of your card.
Remember phone safety
According to Adobe, nearly half of all holiday shopping will be done on smartphones this year. For the first time ever, more Christmas Day purchases will be made via smartphone than any other device. These predictions highlight the need for mobile device safeguards. At the beginning of 2019, Check Point discovered cyber attacks targeting mobile devices have risen 50% since 2018.
A lot of the tips mentioned above, like a strong password (made even stronger when you use facial or fingerprint recognition) and VPN, can be put to use on your phone. If you plan on downloading a VPN app (or any other app), review the developer information and reviews before downloading to ensure you’re downloading an official, reputable app.
